Firewall and Reverse proxy, NAT

firewall

(Zoltán Polyák) #1

NethServer Version: 7.4.1708
Module: Firewall and others

Hi there!

This is the first time we are using NethServer as a firewall at a bigger company, but we can't figure out how to do this:
We used to use simple firewall builder software, and everything worked fine.
So the case:
Two ISP IP address:

  • 33.44.55.66 (this is on the red interface) for mail server, and two web servers on port 80
  • 33.44.55.67 (IP alias on the red interface) for another web server, but it's listening on port 8080, from outside 80

So, how can I set up the firewall to access the web servers from the WAN and the LAN, like:
domain: mail.valami.hu - 33.44.55.67 - server lan ip/ports: 10.0.0.1:80, 25, 465, etc.
domain: doku.valami.hu - 33.44.55.67 - server lan ip/port: 10.0.0.2:80
domain: ugyfel.valami.hu - 33.44.55.66 - server lan ip/port: 10.0.0.3:8080

One of our rules:
$IPTABLES -t nat -A PREROUTING -p tcp -m tcp -d 33.44.55.66 --dport 8080 -j DNAT --to-destination 10.0.0.3
$IPTABLES -t nat -A OUTPUT -p tcp -m tcp -d 33.44.55.66 --dport 8080 -j DNAT --to-destination 10.0.0.3
$IPTABLES -t nat -A POSTROUTING -o eth1 -p tcp -m tcp -d 10.0.0.3 --dport 8080 -j SNAT --to-source 10.0.0.4

10.0.0.4 - firewall

So how can I translate it to NethServer language?

Thank you very much for your help!


(Michael Träumner) #2

For the WAN side I would configure port forwarding. SNAT is also available.
Edit: SNAT is only for the way outside. The docs only say to do it with port forwarding.
You can find the documentation of the firewall here:
http://docs.nethserver.org/en/v7/firewall.html
Perhaps @mrmarkuz has some more experience with it.
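
What a port forward from public port 80 to a backend on 8080 amounts to in plain iptables terms, as an added example that is not part of the thread and not NethServer's own configuration. The function names, the 10.0.0.0/24 LAN network and the mapping in the final call are assumptions; the addresses and eth1 are the ones used in the first post.

```shell
#!/bin/sh
# Added example, not from the thread: print (do not apply) the NAT rules
# for one port forward, hairpin case included. Function names and the
# 10.0.0.0/24 LAN network are assumptions; eth1 and the addresses are
# the ones used in the first post.

valid_ipv4() {
    case "$1" in *[!0-9.]*|*..*|.*|*.) return 1 ;; esac
    old=$IFS; IFS=.; set -- $1; IFS=$old
    [ $# -eq 4 ] || return 1
    for o in "$@"; do [ "$o" -le 255 ] || return 1; done
}

valid_num() {  # valid_num VALUE MIN MAX
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge "$2" ] && [ "$1" -le "$3" ]
}

# port_forward_rules PUB_IP PUB_PORT LAN_IP LAN_PORT FW_LAN_IP LAN_IF LAN_NET
port_forward_rules() {
    pub_ip=$1 pub_port=$2 lan_ip=$3 lan_port=$4 fw_ip=$5 lan_if=$6 lan_net=$7
    for a in "$pub_ip" "$lan_ip" "$fw_ip" "${lan_net%/*}"; do
        valid_ipv4 "$a" || { echo "bad address: $a" >&2; return 1; }
    done
    valid_num "$pub_port" 1 65535 && valid_num "$lan_port" 1 65535 ||
        { echo "bad port" >&2; return 1; }
    case "$lan_net" in */*) ;; *) echo "LAN_NET needs a /prefix" >&2; return 1 ;; esac
    valid_num "${lan_net#*/}" 0 32 || { echo "bad prefix" >&2; return 1; }
    case "$lan_if" in ''|*[!A-Za-z0-9._-]*) echo "bad interface" >&2; return 1 ;; esac
    m="-p tcp -m tcp -d $pub_ip --dport $pub_port"
    to="$lan_ip:$lan_port"
    # Packets routed through the firewall: WAN clients, and LAN clients
    # that resolved the public name.
    echo "iptables -t nat -A PREROUTING $m -j DNAT --to-destination $to"
    # Connections opened on the firewall itself skip PREROUTING.
    echo "iptables -t nat -A OUTPUT $m -j DNAT --to-destination $to"
    # Hairpin: only LAN-sourced traffic is source-rewritten, so replies
    # return via the firewall while WAN client addresses stay visible
    # in the server's logs.
    echo "iptables -t nat -A POSTROUTING -o $lan_if -s $lan_net -p tcp -m tcp -d $lan_ip --dport $lan_port -j SNAT --to-source $fw_ip"
}

# Constructed call: public 33.44.55.67:80 forwarded to 10.0.0.3:8080.
port_forward_rules 33.44.55.67 80 10.0.0.3 8080 10.0.0.4 eth1 10.0.0.0/24
```

The `--to-destination` value carries the backend port because the public and backend ports differ; the `-s` match on the SNAT rule is what keeps real WAN client addresses in the web server's access log.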


(Zoltán Polyák) #3

Job done!
Close or delete topic.


(Michael Träumner) #4

The best way would be to post your solution and mark it as solved.